Using SSL/TLS
Telnet Secure Socket Layer (SSL) and Transport Layer Security (TLS) security protocols are available for 3270 and 5250 session types, and Telnet Extended SSL/TLS support is available for 3270 session types. These Telnet options help you implement a connection between a host requiring this form of security and the Host Integrator session server. To implement a secure connection between the client and the Host Integrator session server, use the security options in the Administrative Console.
If SSL is implemented on the host for encryption purposes only, select the SSL/TLS checkbox.
SSL 3.0, TLS 1.0, and TLS 1.1 are no longer supported by Host Integrator, but can be accessed for legacy host connections, if needed. See the Installation Guide topic "Encrypting Host Connections" for more information.
Client Authentication
If the host requires client authentication from Host Integrator, your private key and client certificate must be stored in a file named certificate.pem. The file must be in PEM format with the private key first, followed by the certificate chain in chain order.
You must create and store this file in a subdirectory named securehost. For example:
- On Windows: \Program Files\Micro Focus\Verastream\HostIntegrator\securehost
- On Linux: /opt/microfocus/verastream/HostIntegrator/securehost
If your certificate and private key are in PFX format, you can use the OpenSSL command line utility or other conversion tool to convert them to standard PEM format. For example, this conversion tool.
It is good practice to open the resulting file in a text viewer to verify it is in PEM format with the private key first. PEM certificates are text files containing base64-encoded data and lines such as "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
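The manual check described above can also be scripted. The following is an added example, not part of the Host Integrator documentation or product: it confirms that a certificate.pem candidate contains PEM blocks with the private key first and at least one certificate after it. It does not parse the certificates, so it cannot confirm that the chain itself is in chain order. The function name and sample data are assumptions made for illustration.

```python
import re

# One PEM block; group 1 is the label ("PRIVATE KEY", "CERTIFICATE", ...), group 2 the body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
BASE64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def check_certificate_pem(text):
    """Return a list of layout problems; an empty list means key first, then certificates."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    if not blocks:
        return ["no PEM blocks found (is the file still binary PFX or DER?)"]
    problems = []
    labels = [label for label, _ in blocks]
    if not labels[0].endswith("PRIVATE KEY"):
        problems.append(f"first block is {labels[0]!r}, expected a private key")
    if sum(label.endswith("PRIVATE KEY") for label in labels) > 1:
        problems.append("more than one private key block")
    if "CERTIFICATE" not in labels[1:]:
        problems.append("no CERTIFICATE block after the first block")
    for label, body in blocks:
        for line in body.splitlines():
            # Header lines such as "Proc-Type: ..." contain ':' and are skipped.
            if line and ":" not in line and not BASE64_LINE.fullmatch(line):
                problems.append(f"non-base64 data inside {label!r} block")
                break
    return problems


# Constructed sample data: the bodies are placeholder base64, not real key material.
KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQga2V5\n-----END PRIVATE KEY-----\n"
LEAF = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQgbGVhZg==\n-----END CERTIFICATE-----\n"
ISSUER = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQgQ0E=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, text in [("key first", KEY + LEAF + ISSUER),
                       ("certificate first", LEAF + ISSUER + KEY)]:
        print(name, "->", check_certificate_pem(text) or "OK")
```

Text outside the BEGIN/END markers is ignored by the check. Because the file holds a private key, run it where the file already lives rather than copying the file elsewhere.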
FIPS Validation
To use FIPS 140-2 validated TLS version 1 encryption for SSL support, you must first define an environment variable, VHI_FIPS = 1. After this variable is set, all SSL/TLS connections will use the FIPS 140-2 Crypto Libraries.